Encryption using biometric image-based key

ABSTRACT

Methods and systems according to the present disclosure improve upon known biometric security systems by not permanently storing (e.g., for later comparison as in known systems) the actual image of the biometric characteristic. Instead, an image of a biometric identifier (e.g., retina, fingerprint, etc.) may be used to form a key which may be used to secure and provide access to data. The key may be formed, in embodiments, using a neural network and/or a random input (e.g., a vector of random characters), for example. The image of the biometric identifier may be discarded, and thus may not be vulnerable to theft. In an embodiment, the key may be used in a key-based encryption system.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. provisional application No.61/897,215, filed Oct. 29, 2013, and further claims the benefit of U.S.provisional application No. 61/939,453, filed Feb. 13, 2014, both ofwhich applications are hereby incorporated by reference herein.

BACKGROUND

As more and more information is recorded, stored, and accessed inelectronic form, data security needs have increased. One method that hasbeen employed for controlling access to data is through the use ofbiometric identifiers of individuals permitted to access data. Forexample, retinal scanners and fingerprint scanners are commonly used tocontrol access to data. In addition to controlling access to data (e.g.,via access to a computer terminal, mobile computing device, or otherdevice or system), biometric scanners are often used to control accessto physical locations.

A typical biometric security system includes a scanner, a database ofimages (e.g., of fingerprints, retinas, etc.) or other conception of thedata collected from a biometric scan, and a system for comparing a givenscan with the images or other data in the database. Individuals whosescan matches an entry in the database that is permitted access may beallowed to access the data or physical location.

SUMMARY

Because known biometric security systems involve storing the actualbiometric image or signature, known biometric systems place sensitiveinformation at risk of permanent loss. If a database or other store ofbiometric data is compromised, an individual's personal data—data thatuniquely and permanently identifies an individual—is available for useagainst the individual's will. The fingerprint, retina, and otherbiometric characteristics of an individual cannot be altered. Thus, oncesuch data is compromised, the individual is permanently at risk ofidentity theft, and the security system from which the data is stolencan no longer use compromised biometric identifiers to grant and denyaccess.

Methods and systems according to the present disclosure improve uponknown biometric security systems by not permanently storing (e.g., forlater comparison as in known systems) the actual image of the biometriccharacteristic. Instead, an image of a biometric identifier (e.g.,retina, fingerprint, etc.) may be used to form a key which may be usedto secure and provide access to data. The key may be formed, inembodiments, using a neural network and/or a random input (e.g., avector of random characters), for example. The image of the biometricidentifier may be discarded, and thus may not be vulnerable to theft. Inan embodiment, the key may be used in a key-based encryption system.

An embodiment of a system for securing data that improves on knownsystems may include a processor and a non-transitory computer-readablememory storing instructions. When executed by the processor, theinstructions may cause the processor to receive a first image of abiometric identifier of a user, convert the first image into a firstkey, use the first key to encrypt data to create encrypted data, anddiscard the first image of the biometric identifier. The instructionsmay further cause the processor to discard the first key. Theinstructions may further cause the processor to receive a second imageof a biometric identifier, convert the second image into a second key,use the second key to attempt to decrypt the encrypted data, and discardthe second image. The instructions may further cause the processor todiscard the second key.

An embodiment of a method for securing data that improves on knownmethods may include receiving a first image of a biometric identifier ofa user, converting the first image into a first key, using the first keyto encrypt data to create encrypted data, and discarding the first imageof the biometric identifier. The method may further include discardingthe first key. The method may further include receiving a second imageof a biometric identifier, converting the second image into a secondkey, using the second key to attempt to decrypt the encrypted data, anddiscarding the second image. The method may further include discardingthe second key.

Biometric encryption, as described herein, provides distinct advantagesover known biometric security and other known encryption systems. Mostimportantly, because the biometric identifier of the individual is notstored, the biometric characteristic itself is not compromised if thesecurity system is compromised.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a block diagram illustrating a first exemplary embodiment of abiometric security system.

FIG. 2 is a flow chart illustrating a first exemplary embodiment of amethod of providing access to data using a biometric identifier.

FIG. 3 is a flow chart illustrating a second exemplary embodiment of amethod of providing access to data using a biometric identifier.

FIG. 4 is a block diagram illustrating a second exemplary embodiment ofa biometric security system.

FIG. 5 is a flow chart illustrating a third exemplary embodiment of amethod of providing access to data using a biometric identifier.

DETAILED DESCRIPTION

Referring to the drawings, FIG. 1 is a block diagram view of a firstexemplary embodiment of a biometric security system 10 configured toreceive biometric input from a subject 12 (which may also be referred toherein as a user 12). The biometric input may be a unique biometricidentifier of the subject 12. The first system 10 may include a sensor14 and an electronic control unit (ECU) 16, and the ECU 16 may include acomputer-readable memory 18 and a processor 20. The memory 18 mayinclude instructions that, when executed by the processor 20, cause theECU 16 to perform one or more of the tasks and methods described hereinincluding, but not limited to, providing access to data using abiometric identifier by, for example, encrypting and decrypting datausing the biometric identifier.

The sensor 14 may include a biometric characteristic reader, such as afingerprint reader, retinal scanner, etc. The sensor 14 may output(e.g., to the ECU 16) an image or other data uniquely associated withthe biometric characteristic input to the scanner—i.e., each individualscanned by the sensor may result in a different output. The sensor 14may be arranged to receive input of a unique biometric characteristicfrom a subject.

The memory 18 may include any type of volatile or non-volatilecomputer-readable memory that is non-transitory. For example, the memory18 may comprise a hard disk drive (HDD), random-access memory (RAM),read-only memory (ROM), electrically-erasable programmable read-onlymemory (EEPROM), FLASH memory, compact disk (CD), digital video disk(DVD), and/or another type of electronic storage medium. The processor20 may include any type of processor.

In addition to or as an alternative to a processor 20 and memory 18, theECU 16 may comprise another type of processing device. For example, theECU 16 may include a field-programmable gate array (FPGA),application-specific integrated circuit (ASIC), programmable logicdevice (PLD), and/or another type of processing device.

The system 10 may be provided for securing data (e.g., by encryptingand/or controlling access to such data), for controlling access to aphysical location, and/or for another security measure. Accordingly, thesensor 14 may be provided in an accessible location for a user. The ECU16 may be provided substantially in the same location as the sensor 14,or may be remote from the sensor 14. In an embodiment, the ECU 16 maystore data that will be or has been encrypted by the ECU 16 according toone or more methods of this disclosure. That is, in an embodiment, theECU 16 may store the data to which the ECU 16 controls access.

The ECU 16 may be configured (e.g., through instructions stored in thememory 18) to perform one or more tasks or methods shown and/ordescribed herein. For example, the ECU 16 may be configured to performone or more steps in a method of providing access to data using abiometric identifier.

FIG. 2 is a flow chart illustrating a first method 22 of providingaccess to data using a biometric identifier. In an embodiment, the firstmethod 22 may additionally or alternatively find use to, for example,secure a physical location or in some other security purpose (as may thesecond and third methods illustrated in and described with respect toFIGS. 3 and 5 of this disclosure). Accordingly, although the methods ofthis disclosure will be described with reference to embodiments in whichaccess to data is controlled through encryption and decryption, itshould be understood that this disclosure is not so limited.

The first method 22 may begin with a step 24 that includes receiving afirst image of a biometric identifier. The first image may be of afingerprint, retina, or other biometric identifier. The first image maybe obtained from or by a sensor, such as the sensor 14 of FIG. 1. Thefirst image may be temporarily stored in memory (e.g., the memory 18 ofFIG. 1) for the purposes of converting the first image into a key, thendeleted, as set forth in further steps of the first method 22.

The first method 22 may further include a step 26 that includesconverting the first image of the biometric identifier into a first key.The first key may be or may include, in an embodiment, a data structure(e.g., a string) that may be used as a parameter for an encryption ordecryption algorithm to encrypt or decrypt data other than the key.

The first method 22 may further include a step 28 that includes usingthe first key to encrypt data, yielding encrypted data. In anembodiment, the first key may be an input for an encryption algorithm,and the data to be encrypted may be a separate input. The encryptionalgorithm may be or may include, for example, one using a block cipherand/or a stream cipher, in an embodiment. The result of the applicationof the encryption algorithm to the data may be encrypted data.

The first method 22 may further include a step 30 that includesdiscarding the first image of the biometric identifier. Discarding thefirst image may include, in an embodiment, irretrievably removing thefirst image from one or more memory devices in which it is stored (e.g.,from the memory 18 of FIG. 1). In an embodiment, discarding the firstimage may include irretrievably removing the first image from everymemory device in which it is stored (i.e., every memory device in whichit is stored that is under the control of a device or system performingthe method). For example, discarding the first image may includeoverwriting sufficient portions of the data that comprises the storedfirst image so that the first image cannot be retrieved or reassembledfrom the remaining image data. Still further, in an embodiment, all datacomprising the stored first image may be overwritten.

The first method 22 may further include a step 32 that includesdiscarding the first key. Discarding the first key may include, in anembodiment, irretrievably removing the first key from one or more memorydevices in which it is stored. In an embodiment, discarding the firstkey may include irretrievably removing the first key from every memorydevice in which it is stored (i.e., every memory device in which it isstored that is under the control of a device or system performing themethod). For example, discarding the first key may include overwritingsufficient portions of the data that comprises the stored first key sothat the first key cannot be retrieved or reassembled from the remainingfirst key data. Still further, in an embodiment, all data comprising thefirst key may be overwritten.

The first method 22 may further include a step 34 that includesreceiving a second image of a biometric identifier. The second image maybe of a fingerprint, retina, or other biometric identifier. For example,in an embodiment, the second image may be of the same biometricidentifier as the first image (i.e., the same fingerprint, retina, etc.of the same individual as the first image). The second image may beobtained from or by a sensor, such as the sensor 14 of FIG. 1. Thesecond image may be temporarily stored in memory (e.g., the memory 18 ofFIG. 1) for the purposes of converting the second image into a key, thendeleted, as set forth in further steps of the first method.

The first method 22 may further include a step 36 that includesconverting the second image of the biometric identifier into a secondkey. The second key may be or may include, in an embodiment, a datastructure (e.g., a string) that may be used as a parameter for anencryption or decryption algorithm to encrypt or decrypt data other thanthe key.

The first method 22 may further include a step 38 that includes usingthe second key to attempt to decrypt the encrypted data. In anembodiment, the key may be an input for a decryption algorithm, and thedata to be decrypted (i.e., the encrypted data from the encrypted datafrom the encrypting data step 28 of the first method 22) may be aseparate input. If the decryption is successful, the result of applyingthe decryption algorithm to the encrypted data may be the original,unencrypted data.

The first method 22 may further include a step 40 that includesdiscarding the second image of the biometric identifier. Discarding thesecond image may include, in an embodiment, irretrievably removing thesecond image from one or more memory devices in which it is stored. Inan embodiment, discarding the second image may include irretrievablyremoving the second image from every memory device in which it is stored(i.e., every memory device in which it is stored that is under thecontrol of a device or system performing the method). For example,discarding the second image may include overwriting sufficient portionsof the data that comprises the stored second image so that the secondimage cannot be retrieved or reassembled from the remaining image data.Still further, in an embodiment, all data comprising the stored secondimage may be overwritten.

The first method 22 may further include a step 42 that includesdiscarding the second key. Discarding the second key may include, in anembodiment, irretrievably removing the second key from one or morememory devices in which it is stored. In an embodiment, discarding thesecond key may include irretrievably removing the second key from everynon-volatile memory in which it is stored (i.e., every memory device inwhich it is stored that is under the control of a device or systemperforming the method). For example, discarding the second key mayinclude overwriting sufficient portions of the data that comprises thestored second key so that the second key cannot be retrieved orreassembled from the remaining second key data. Still further, in anembodiment, all data comprising the second key may be overwritten.

A principle underlying the first method 22 is that, if the biometricidentifier in the first image is the same as the biometric identifier inthe second image, the encrypted data should be successfully decrypted.Accordingly, the same methods, algorithms, etc. may be applied in theencryption and decryption portions of the first method. For example, thesame methods, algorithms, etc. may be applied in converting the firstand second images into first and second keys. Similarly, the sameencryption scheme may be applied in the encryption step 28 and thedecryption step 38, in an embodiment.

The first method 22 may be considered a generic method of providing orcontrolling access to data that includes biometric-based encryption anddecryption of data without ongoing storage of the user's biometricinformation, thereby improving on known biometric data security systemsthat store biometric images for comparison. Two further embodiments ofmethods for providing access to data are provided in this disclosurewith respect to FIGS. 3 and 5, respectively, which may be consideredmore specific embodiments of the first method.

FIG. 3 is a flow chart illustrating a second method 44 of providingaccess to data using a biometric identifier. The second method 44 maybegin with a step 46 that includes receiving an image of a biometricidentifier. The image may be of a fingerprint, retina, or otherbiometric identifier. The image may be obtained from or by a sensor,such as the sensor 14 of FIG. 1.

With continued reference to FIG. 3, the second method 44 may continue toa step 48 that includes inputting the image of the biometric identifierinto an image processing algorithm to yield a matrix of image data. Inan embodiment, the image processing algorithm may be or may include aneural network, for example. The matrix of image data may be a vector(i.e., a one-dimensional matrix), in an embodiment. Additionally oralternatively, the image processing algorithm may include another imageprocessing method known or hereafter-developed.

The second method 44 may further include a step 50 that includesapplying a one-way function to the image data matrix to yield a securedata matrix. In an embodiment, the one-way function may be or mayinclude a cryptographic hash function, such as SHA or MDS. Of course,another type of hash function, cryptographic or otherwise, or one-wayfunction may be applied. In an embodiment (e.g., where the matrix ofimage data is a vector, for example), the secure data matrix may be anvector.

A further step 52 in the second method 44 may include combining thesecure data matrix with a random or randomized initialization matrix tocreate a secure key. The initialization matrix may be a vector, in anembodiment. The initialization matrix may be generated according to arandom process or a pseudo-random process (i.e., a deterministic processgenerating a statistically random result). The secure data matrix may becombined with the initialization matrix according to one or moremathematical or logical processes, in an embodiment. For example, theinitialization matrix and secure data matrix may be input to an XORfunction, the output of which may be the secure key, in an embodiment.Of course, additional or alternative mathematical and/or logicaloperations may be applied to create the secure key.

The second method 44 may further include a step 54 that includesencrypting or decrypting underlying data using the secure key. The keymay be used to encrypt data in any of a number of key-based encryptionschemes such as, for example, one using a block cipher and/or a streamcipher.

As noted above, the second method 44 may be used both to encrypt dataand to decrypt data. To decrypt data, the user whose biometricidentifier was used to encrypt the data may re-enter his or herbiometric identifier, and another secure key (i.e., separate from thesecure key that was used to encrypt the data) may be generated accordingto steps 46, 48, 50, 52 of the method, in an embodiment. Theinitialization matrix used to create the secure key (i.e., in step 52)for decryption may be a different random matrix than was used to createthe secure key used for encryption, in an embodiment. In the event thatthe resulting secure key is not correct (i.e., a decryption performedwith the secure key does not yield expected or intelligible data),another secure key may be generated from the biometric identifier (e.g.,using yet another different initialization matrix) to attempt to decryptthe data again. In an embodiment, a secure key may be generated multipletimes, each key being used in an attempted decryption, before the datais properly decrypted. Additionally or alternatively, in an embodiment,the secure key may be used in a symmetric encryption scheme (e.g.,instead of a password in a known password exchange scheme).

The second method 44 may be used, in an embodiment, to generate multiplekeys from a single image of a biometric identifier. For example, thesecure data matrix generated at step 50 may be combined, separately,with two or more different randomized initialization matrices at step52, resulting in two or more different keys from the same biometricidentifier. Each of the separately generated keys may be used, forexample, to secure different data (e.g., different files).

Once the secure key is used, the second method 44 may continue to a step56 that includes discarding one or more of the biometric identifierimage, the image data matrix, the secure data matrix, the initializationmatrix, and the secure key. For example, one or more of the biometricidentifier image, the image data matrix, the secure data matrix, theinitialization matrix, and the secure key may be irretrievably deletedfrom memory (e.g., overwritten with other data). In an embodiment, oneor more of the biometric identifier image, the image data matrix, thesecure data matrix, and the initialization matrix may be discarded asthe second method 44 is performed (e.g., the biometric identifier imagemay be discarded once the image data matrix is generated, the image datamatrix may be discarded once the secure data matrix is generated, andthe secure data matrix and initialization matrix may be discarded oncethe secure key is generated). In an embodiment, the secure key may bewritten directly over (i.e., into the same portion of memory as) theimage data matrix, the secure data matrix, and/or the initializationmatrix.

Keys generated according to the second method may be immune to reverseengineering, in an embodiment—i.e., due to the steps of the method, akey generated according to the second method may not be amenable toreverse engineering to determine the biometric identifier on which thekey is based. Accordingly, such a key can safely be stored and/orexchanged in a key-exchange-based encryption system such as, forexample, SSL or TLS, in an embodiment.

FIG. 4 is a block diagram view of a second exemplary embodiment of abiometric security system 60 configured to receive biometric input froma subject 12. The second system 60 includes some similar components asthe first system 10; such components are indicated in prime (′)notation. Such similar components should be understood to besubstantially the same as the components from the first system 10, butfor any alterations necessary to fulfill functions of the second systemthat are different from the first system.

The system may include a sensor 14, an electronic control unit (ECU)16′, and a source of neural network training data. The ECU 16′ mayinclude a computer-readable memory 18′ and a processor 20′, a neuralnetwork 62, and neural network training data 64. The memory 18′ mayinclude instructions that, when executed by the processor 20′, cause theECU 16′ to perform one or more of the tasks and methods described hereinincluding, but not limited to, providing access to data using abiometric identifier. The system 60 may secure data for a user andprovide access to the data for that same user, in an embodiment.

The neural network 62 may be or may include a software-based simulatedneural network, in an embodiment. Such a simulated neural network may beprogrammed according to techniques known in the art orhereafter-developed including, for example, techniques described inChris Bertram, Programming in Neural Networks (2014), which is herebyincorporated by reference, or techniques found in or enabled by theopen-source Fast Artificial Neural Network library, created by SteffenNissen. In such an embodiment, the neural network 62 may be stored asinstructions in the memory 18′ for execution by the processor 20′.

Additionally or alternatively, the neural network 62 may be or mayinclude a hardware-based neural network. Such a neural network mayinclude, for example, a nanotechnology-based emulated neural network asdescribed in U.S. Pat. No. 7,039,619, which is hereby incorporated byreference. Of course, other hardware-based neural network emulationtechniques and systems may be used, in embodiments.

The ECU 16′ may be configured to train the neural network 62 using theneural network training data 64, in an embodiment. The training data 64may be stored, in an embodiment, a database or other storage component.For example, the training data 64 may be stored in the memory 18′. Theneural network training data 64 may include generic biometric data, inan embodiment. Such biometric data may be or may include, in anembodiment, a plurality of images of a biometric input, such as retinas,fingerprints, etc. The images may be of biometric identifiers ofindividuals other than a user that uses the system to secure data.

The ECU 16′ may train the neural network 62 according to any known orhereafter-developed neural network training technique. For example, inan embodiment, the neural network 62 may be trained according to one ormore of a backpropagation method, a resilient propagation method, theLevenberg-Marquardt Algorithm, or a self-organizing map method. Suchtechniques are described in Heaton, Introduction to the Math of NeuralNetworks (2012). The neural network 62 may be trained using thebiometric data from the neural network training data 64, in anembodiment.

The ECU 16′ may be further configured to encrypt, decrypt, and/orotherwise provide access to data according to the biometric identifierof the user 12. Thus, the ECU 16′ may be configured to accept abiometric identifier from a user 12 (e.g., through the sensor 14) and tocontrol access to data according to that identifier. For example, theECU 16′ may be configured to perform one or more steps of a method ofproviding access to data using a biometric identifier.

FIG. 5 is a flow chart illustrating a third exemplary embodiment of amethod 70 of providing access to data using a biometric identifier. Thethird method 70 may begin with a step 72 that includes receiving genericbiometric data, such as a set of generic biometric images. The biometricdata may be generic in that it is not respective of a user of a system,device, etc. that provides access to data according to the method.

The third method 70 may further include a step 74 that includes traininga neural network according to the generic biometric data. The neuralnetwork may be trained according to one or more techniques such as, forexample only, a backpropagation method, a resilient propagation method,the Levenberg-Marquardt Algorithm, or a self-organizing map method. Theneural network may be configured and trained to accept an image of abiometric identifier as input and to output a key unique to thatbiometric identifier. The key may be, for example, a data structure suchas a string.

The third method 70 may further include a step 76 that includesreceiving a first image of a biometric identifier of a user. The firstbiometric image may be or may include an image of, for example, afingerprint, a retina, etc. The first image may be received from asensor, such as the sensor 14 of FIG. 4.

The third method 70 may further include a step 78 that includesconverting the image of the biometric identifier of the user into a key.For example, the converting step 78 may include using the first image asinput for the trained neural network, which may output a key. The keymay be in the form of a data structure, such as a string.

The third method 70 may further include a step 80 that includes usingthe first key to encrypt data, yielding encrypted data. In anembodiment, the first key may be an input for an encryption algorithm,and the data to be encrypted may be a separate input. The encryptionalgorithm may be, for example, one using a block cipher and/or a streamcipher, in an embodiment. The result of the application of theencryption algorithm to the data may be encrypted data.

The third method 70 may further include a step 82 that includesdiscarding the first image of the biometric identifier. Discarding thefirst image may include, in an embodiment, irretrievably removing thefirst image from one or more memory devices in which it is stored. In anembodiment, discarding the first image may include irretrievablyremoving the first image from every memory in which it is stored (i.e.,every memory device in which it is stored that is under the control of adevice or system performing the method). For example, discarding thefirst image may include overwriting sufficient portions of the data thatcomprises the stored first image so that the first image cannot beretrieved or reassembled from the remaining image data. Still further,in an embodiment, all data comprising the stored first image may beoverwritten.

The third method 70 may further include a step 84 that includesdiscarding the first key. Discarding the first key may include, in anembodiment, irretrievably removing the first key from one or more memorydevices in which it is stored. In an embodiment, discarding the firstkey may include irretrievably removing the first key from every memoryin which it is stored (i.e., every memory device in which it is storedthat is under the control of a device or system performing the method).For example, discarding the first key may include overwriting sufficientportions of the data that comprises the stored first key so that thefirst key cannot be retrieved or reassembled from the remaining firstkey data. Still further, in an embodiment, all data comprising the firstkey may be overwritten.

The third method 70 may further include a step 86 that includesreceiving a second image of a biometric identifier. The second image maybe of a fingerprint, retina, or other biometric identifier. For example,in an embodiment, the second image may be of the same biometricidentifier as the first image (i.e., the same fingerprint, retina, etc.of the same individual as the first image). The second image may beobtained from or by a sensor, such as the sensor 14 of FIG. 4.

The third method 70 may further include a step 88 that includeconverting the second image of the biometric identifier of the user intoa second key. For example, the converting step may include using thesecond image as input for the trained neural network, which may outputthe second key. The second key may be in the form of a data structure,such as a string.

The third method 70 may further include a step 90 that includes usingthe second key to attempt to decrypt the encrypted data. In anembodiment, the second key may be an input for a decryption algorithm,and the encrypted data may be a separate input. The decryption algorithmmay be, for example, one using a block cipher and/or a stream cipher, inan embodiment. The result of the decryption algorithm may be theoriginal data that was encrypted in the encryption step of the thirdmethod.

The third method 70 and second system 60 advantageously provide a datasecurity implementation that does not require the permanent storage ofthe biometric identifier of the user. As a result, the use of the user'sbiometric identifier is not compromised in the event of a data breach.In the event of such a breach (e.g., if the parameters of the neuralnetwork used to convert biometric identifiers into keys arecompromised), the neural network can simply be re-trained on differentgeneric biometric data. Furthermore, because the keys generatedaccording to the neural network may be discarded 94 after their use,even if a data breach results in the parameters of the neural networkbeing compromised, a user's biometric identifier cannot bereverse-engineered based on the breach.

Securing and providing access to data according to this disclosureprovides numerous advantages over known encryption systems. Thebiometric identifier image and/or initialization matrix may be discarded92 and/or actively deleted, so in the event of a system breach, a user'sbiometric identifier may not be available for theft. Further, becauseencryption may be based on unique biometric identifiers, the system maybe secure from breaches of a key or certificate authority involved inthe encryption process.

Although a number of embodiments have been described above with acertain degree of particularity, those skilled in the art could makenumerous alterations to the disclosed embodiments without departing fromthe sprit or scope of this disclosure. For example, all joinderreferenced (e.g., attached, coupled, connected, and the like) are to beconstrued broadly and may include intermediate members between aconnection of elements and relative movement between elements. As such,joined references do not necessarily infer that two elements aredirectly connected and in fixed relation to each other. It is intendedthat all matter contained in the above description or shown in theaccompanying drawings shall be interpreted as illustrative only and notlimiting. Changes in detail or structure may be made without departingfrom the spirit of the invention as defined in the appended claims.

Various embodiments are described herein to various apparatuses,systems, and/or methods. Numerous specific details are set forth toprovide a thorough understanding of the overall structure, function,manufacture, and use of the embodiments as described in thespecification and illustrated in the accompanying drawings. It will beunderstood by those skilled in the art, however, that the embodimentsmay be practiced without such specific details. In other instances,well-known operations, components, and elements have not been describedin detail so as not to obscure the embodiments described in thespecification. Those of ordinary skill in the art will understand thatthe embodiments described and illustrated herein are non-limitingexamples, and thus it can be appreciated that the specific structuraland functional details disclosed herein may be representative and do notnecessarily limit the scope of the embodiments, the scope of which isdefined solely by the appended claims. As used herein, the phrased“configured to,” “configured for,” and similar phrases indicate that thesubject device, apparatus, or system is designed and/or constructed(e.g., through appropriate hardware, software, and/or components) tofulfill one or more specific object purposes, not that the subjectdevice, apparatus, or system is merely capable of performing the objectpurpose.

Reference throughout the specification to “various embodiments,” “someembodiments,” “one embodiment,” or “an embodiment,” or the like, meansthat a particular feature, structure, or characteristic described inconnection with the embodiment is included in at least one embodiment.Thus, appearances of the phrases “in various embodiments,” “in someembodiments,” “in one embodiment,” or “in an embodiment,” or the like,in places throughout the specification are not necessarily all referringto the same embodiment. Furthermore, the particular features,structures, or characteristics may be combined in any suitable manner inone or more embodiments. Thus, the particular features, structures, orcharacteristics illustrated or described in connection with oneembodiment may be combined, in whole or in part, with the featuresstructures, or characteristics of one or more other embodiments withoutlimitation given that such combination is not illogical ornon-functional.

Any patent, publication, or other disclosure material, in whole or inpart, that is said to be incorporated by referenced herein isincorporated herein only to the extent that the incorporated materialsdoes not conflict with existing definitions, statements, or otherdisclosure material set forth in this disclosure. As such, and to theextent necessary, the disclosure as explicitly set forth hereinsupersedes any conflicting material incorporated herein by reference.Any material, or portion thereof, that is said to be incorporated byreference herein, but which conflicts with existing definitions,statements, or other disclosure material set forth herein will only beincorporated to the extent that no conflict arises between thatincorporated material and the existing disclosure material.

What is claimed is:
 1. A system comprising: a processor; and anon-transitory computer-readable memory storing instructions that, whenexecuted by the processor, cause the processor to: receive an image of abiometric identifier of a user; convert the image of the biometricidentifier of the user into a key by: using a neural network, whereinthe key is a mathematical representation; inputting the image of thebiometric identifier into an image processing algorithm to yield animage data matrix; applying a one-way function to the image data matrixto yield a secure image data matrix; and combining the secure image datamatrix with a randomized initialization matrix to create the key anddiscard the image of the biometric identifier of the user in response toconverting of the image into the key using the neural network.
 2. Thesystem of claim 1, wherein the instructions, when executed by theprocessor, further cause the processor to: discard the key.
 3. Thesystem of claim 1, wherein the instructions, when executed by theprocessor, further cause the processor to: convert the image of thebiometric identifier of the user into the key by inputting the image ofthe biometric identifier of the user into a trained neural network. 4.The system of claim 3, wherein the instructions, when executed by theprocessor, further cause the processor to: receive a set of genericbiometric images that does not include the image of the biometricidentifier of the user; and train a neural network on the set of genericbiometric images to yield the trained neural network.
 5. The system ofclaim 1, wherein the image of the biometric identifier of the user is afirst image and the key is a first key, further wherein theinstructions, when executed by the processor, further cause theprocessor to: receive a second image of a biometric identifier; convertthe second image of the biometric identifier into a second key; use thesecond key to attempt to decrypt the encrypted data; and discard thesecond image of the biometric identifier.
 6. The system of claim 5,wherein the instructions, when executed by the processor, further causethe processor to: convert the second image of the biometric identifierinto the second key by inputting the second image of the biometricidentifier into a trained neural network.